[E-Lang] defense in depth
Thu, 25 Jan 2001 10:47:55 -0800
At 06:19 PM 1/25/01 GMT, Nikita Borisov wrote:
>My understanding is that stack introspection, as it's used in Java, is
>not a method of "defense in depth"; it's a method of defense. If one
>turns off stack introspection, the Java security model is now completely
>broken. It's somewhat nonsensical to name any one method of protection
>as "defense in depth", since defense in depth is a strategy of combining
>several protection methods.
Absolutely. We should reserve the term "defense in depth" for systems
where there are at least two independent defenses, either one of which is
designed to be sufficient by itself. The Apache in EROS is an example (for
protecting data that isn't needed by Apache).